January 3

Dear Security Professional,

I’m delighted to let you know that you are one of the first respondents to VeriSign’s recent direct mail offer. That means that you are the lucky winner of the enclosed free gift!


...or so the letter went. The enclosed free gift was a 1GB USB memory stick, but what they failed to mention was that the memory stick concealed another enclosure: a worm! Thanks, VeriSign.

The letter also went on to proclaim VeriSign as “.. the #1 trust mark on the Web”. Oh, the irony.

The worm in question is WORM_AUTORUN.BQ, and it is described in Trend Micro’s Virus Encyclopaedia:

This worm may arrive via removable drives. It may arrive bundled with malware packages as a malware component. It may be downloaded unknowingly by a user when visiting malicious Web sites.
This worm drops copies of itself. It creates registry entries so that when certain Security-related programs are run, the malware file would be executed instead.

This worm drops copies of itself in all physical drives. It drops copies of itself in all removable drives. It also drops an AUTORUN.INF file to automatically execute its dropped copies when the said drives are accessed.

This worm accesses certain URLs to download files. However, the said site is inaccessible as of this writing.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AUTORUN.BQ
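
A defender's check for the AUTORUN.INF behaviour described above, as an added example that is not part of the original post or of Trend Micro's write-up: it parses the contents of a drive's AUTORUN.INF and lists the entries that would launch a program when the drive is accessed. The function names and the sample file contents are constructed for illustration and are not taken from the worm itself.

```python
import re

# Keys in the [autorun] section that make Windows launch a program.
EXEC_KEYS = ("open", "shellexecute")
# Context-menu verbs such as shell\explore\command also launch a program.
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def autorun_exec_entries(text):
    """Return (key, command) pairs that would launch a program from the drive."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        # Only the [autorun] section matters; lines without '=' are ignored.
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in EXEC_KEYS or SHELL_CMD.match(key):
            entries.append((key.lower(), value))
    return entries


def audit_autorun(text):
    """Summarise an AUTORUN.INF for triage: a flag plus the launch entries."""
    entries = autorun_exec_entries(text)
    return {"auto_executes": bool(entries), "entries": entries}


# Constructed sample contents (assumption, not the real worm's file).
SAMPLE = """\
; constructed example
[AutoRun]
Open = example_dropped_copy.exe
icon=folder.ico
shell\\explore\\command=example_dropped_copy.exe
[Other]
open=ignored.exe
"""
BENIGN = "[autorun]\nlabel=Backup Disk\nicon=disk.ico\n"

if __name__ == "__main__":
    for name, content in (("sample", SAMPLE), ("benign", BENIGN)):
        print(name, audit_autorun(content))
```

On a memory stick that is supposed to hold only data, any entry this reports is worth inspecting before the drive is opened on a Windows machine.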